Kernel Configuration

Table of Contents

The Kali Linux kernel differs slightly from the “usual” kernel. For the purposes of penetration testing, we chose to use some defaults that differ from general-purpose Linux distributions, and we also patch the kernel here and there. This page will document these changes.

Default values can be modified via the tool kali-tweaks, but patches can’t be undone without generating a new kernel.

Beside each header will call out if the configuration is a kernel patch or if the behavior was modified by sysctl. If you would like to explore these kernel patches for yourself, you can find them here, on our GitLab.

WiFi injection (Patch)

We supply a WiFi injection patch to help with WiFi-based penetration testing.

dmesg unrestricted (sysctl)

The kernel logs are unrestricted by default, meaning that any unprivileged user can run the command dmesg and inspect the kernel logs (also called the “kernel ring buffer”). If you would prefer dmesg to remain a privileged command, you can use kali-tweaks to restore this behavior.

Privileged ports (sysctl)

Traditionally, IPv4 ports below 1024 are called “privileged ports,” and can only be used by the privileged user. In Kali Linux, this is disabled by default, meaning that all ports are “unprivileged,” or in other words any user can run a program that binds to any port, even below 1024.

This was done as Kali is no longer root user by default, and with a non-root user some tools, such as netcat or Metasploit, may be trying to use ports that would require privilege. This should cut-down on the need to run sudo as often. If you would like to leave ports 1024 and below as privileged, this can be done through kali-tweaks.

Misc (Patches)


Updated on: 2024-Mar-01
Authors: arnaudr , gamb1t